SOC Specialist
Chicago, IL - USA
Job Summary
Company Overview
Interactive Brokers Group Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.
IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing and global markets help our clients make the most of their investments.
Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.
This is a hybrid role (3 days in office / 2 days remote).
About your team:
We are seeking an experienced SOC Specialist to help strengthen, modernize and optimize our Security Operations capabilities. This role sits at the intersection of security operations, detection engineering, security automation and incident response.
The ideal candidate is passionate about improving SOC effectiveness through better detection logic, SIEM/XDR optimization, automation, threat detection engineering and operational process improvements. You will play a key role in reducing alert fatigue, improving signal-to-noise ratio, accelerating response times and enhancing overall security visibility across the enterprise.
This position requires hands-on experience with enterprise security technologies, log analytics, threat detection, incident investigations and security automation platforms.
What will be your responsibilities within IBKR:
Security Monitoring & Incident Response
- Monitor, analyze, investigate and respond to security alerts and incidents across enterprise environments.
- Perform triage and escalation of security events in accordance with incident response procedures.
- Conduct root cause analysis and document findings, containment actions and remediation recommendations.
- Participate in incident response activities, including malware investigations, insider threat investigations and account compromise incidents.
- Support threat hunting and proactive detection activities.
Detection Engineering
- Develop, tune and optimize SIEM detection rules, correlation searches, analytics and alerting mechanisms.
- Create and maintain high-fidelity detections mapped to MITRE ATT&CK techniques and adversary behaviors.
- Continuously improve detection coverage across endpoints, cloud platforms, identity systems, networks and applications.
- Measure and improve detection effectiveness through detection engineering metrics and validation exercises.
- Reduce false positives and improve alert quality through continuous tuning and optimization.
SIEM, XDR & Security Platform Management
- Administer and optimize security monitoring platforms, including SIEM, XDR, EDR, NDR and cloud security tooling.
- Maintain log ingestion pipelines, data normalization, parsing, enrichment and retention strategies.
- Validate health, performance and scalability of security monitoring infrastructure.
- Collaborate with infrastructure, cloud and application teams to onboard new log sources and security telemetry.
Security Automation & SOAR
- Design, develop and maintain SOAR playbooks and automated response workflows.
- Automate repetitive SOC tasks to improve analyst efficiency and reduce response times.
- Integrate security tools using APIs, scripting and workflow orchestration platforms.
- Develop automated enrichment, containment and investigation processes.
Threat Intelligence & Threat Hunting
- Leverage threat intelligence feeds and indicators of compromise (IOCs) to improve detection capabilities.
- Conduct threat hunting activities using endpoint, network, cloud and identity telemetry.
- Research emerging threats, attacker techniques and vulnerabilities affecting the organization.
- Assist with purple team exercises and detection validation efforts.
Security Operations Improvement
- Identify opportunities to improve SOC processes, workflows, runbooks and operational metrics.
- Develop and maintain SOC documentation, playbooks and standard operating procedures.
- Support vulnerability management initiatives and risk-based remediation efforts.
- Contribute to SOC maturity improvements aligned with industry frameworks and best practices.
Which skills are required:
Security Operations
- Overall 8 years of experience, of which 3 years in a Security Operations Center (SOC), Detection Engineering, Incident Response or Cyber Defense role.
- Strong understanding of incident detection, triage, investigation, containment and response processes.
- Experience analyzing security events from multiple data sources, including endpoints, network devices, cloud platforms and identity providers.
SIEM & Security Monitoring
Hands-on experience with one or more SIEM platforms:
- Splunk Enterprise Security
- SentinelOne Singularity Data Lake
- Microsoft Sentinel
- QRadar
- LogRhythm
- Elastic Security
- Google Chronicle
Network Security
Experience with network security products from vendors such as:
- Palo Alto Networks
- Cisco Security products
- Fortinet
- Check Point
- Zscaler
Cloud Security
Experience monitoring and securing cloud environments:
- AWS
- Microsoft Azure
- Google Cloud Platform (GCP)
Understanding of:
- Cloud-native security controls
- IAM
- Cloud logging and monitoring
- Cloud threat detection
Operating Systems
Strong working knowledge of:
- Windows Server
- Active Directory
- Microsoft Entra ID (Azure AD)
- Linux administration and security
Scripting & Automation
Experience developing automation using:
- Python
- PowerShell
- Bash
- C#
Ability to:
- Consume APIs
- Automate security workflows
- Build integrations between security platforms
Security Frameworks & Methodologies
Knowledge of:
- MITRE ATT&CK
- Cyber Kill Chain
- NIST Cybersecurity Framework
- Incident Response Lifecycle
- Detection Engineering principles
Preferred Qualifications (Nice to Have)
- Experience building and maintaining SOAR platforms such as:
  - Cortex XSOAR
  - Splunk SOAR
  - Microsoft Sentinel Automation
  - Tines
  - Swimlane
- Experience with threat hunting methodologies and purple team exercises.
- Experience with adversary emulation and detection validation tools.
- Familiarity with:
  - AttackIQ
  - SCYTHE
  - Atomic Red Team
  - Caldera
- Experience supporting:
  - Vulnerability management programs
  - Exposure management initiatives
  - Security control validation
- Experience with cloud security tooling:
  - Microsoft Defender for Cloud
  - Wiz
  - Orca
  - Prisma Cloud
  - Lacework
- Familiarity with Identity Threat Detection and Response (ITDR) technologies.
- Experience supporting zero trust security initiatives.
- Exposure to DevSecOps, CI/CD security and container security technologies.
- Knowledge of Kubernetes, Docker and modern application security concepts.
- Experience working within regulated industries such as financial services, healthcare or critical infrastructure.
Certifications
Preferred certifications include:
- CompTIA Security+
- CySA+
- GCIH
- GCIA
- GCFA
- GMON
- CISSP
- SC-200 (Microsoft Security Operations Analyst)
- SC-100 (Microsoft Cybersecurity Architect)
- Splunk Certified Cybersecurity Defense Analyst
- CrowdStrike Certified Falcon Administrator
Education
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems or a related field, or equivalent practical experience.
To be successful in this position you will have the following:
- Self-motivated and able to handle tasks with minimal supervision
- Superb analytical and problem-solving skills
- Excellent collaboration and communication (verbal and written) skills
- Outstanding organizational and time management skills
Company Benefits & Perks
- Competitive salary, annual performance-based bonus and stock grant
- 401(k) retirement plan with competitive company match
- Excellent health and wellness benefits, including medical, dental and vision benefits and a company-paid medical healthcare premium
- Wellness screenings and assessments, health coaches and counseling services through an Employee Assistance Program (EAP)
- Paid time off and a generous parental leave policy
- Daily company lunch allowance, and a fully stocked kitchen with healthy options for breakfast and snacks
- Corporate events, including team outings, dinners, volunteer activities and company sports teams
- Education reimbursement and learning opportunities
- Modern offices with multi-monitor setups
This role's anticipated base salary range is $110,000 to $140,000 annually, based on skills and experience. The offered salary is just part of the total compensation. In addition to a competitive salary, the company offers both a discretionary cash bonus and a stock award, as well as a wide range of benefits including health care, tuition reimbursement and much more.
Required Experience:
IC
About Company
Leading online trading solutions for traders, investors and advisors, with direct global access to stocks, options, futures, currencies, bonds and funds. Transparent, low commissions and financing rates and support for best execution.